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1. ABSTRACT 

A NEW ERA IN CYBERSECURITY 

Cybersecurity has finally met the 
blockchain, and the implications for the 
world of data security are momentous. 
Naoris is the world's first holistic 
blockchain-based cybersecurity platform, 
bringing a game-changing solution to 
address 35 years' worth of industry 
practice through the unrivalled security 
potential of blockchain. 

Global spending on cybersecurity 
products and services is expected to 
exceed $1 trillion overthe next three 
years. Despite this, hackers still manage 
to cause up to $3 trillion worth of 
damage per year in all forms of 
cybercrime. 

Leveraging the benefits of blockchain 
technology, Naoris enables individuals 
and businesses to assert an 
unprecedented amount of control over 
their data and digital security. In 
bypassing traditional industry practice 
which makes use of potential single 
points of security failure like vendors, 
intermediaries and third parties, Naoris 
elevates the peer-to-peer format into a 
truly collaborative security infrastructure 
where an increased number of users 
results in enhanced, instead of reduced, 
digital security. 

Naoris is a cybersecurity ecosystem that 
is agnostic to device or operating system, 
meaning that it works on any networked 
device, be it a smartphone, a computer, a 
smart fridge, or a self-driving car. 


In harnessing the power of the infinitely 
scalable blockchain across a truly vast 
number of users, Naoris enables a reality 
where individuals and businesses can 
feel truly secure as they carry out their 
everyday business, protected by its 
anonymity and significant processing 
power. 

Conceptualized and founded by a team 
with decades of key experience and 
thought leadership in cybersecurity and 
data security, Naoris promises to 
revolutionize the security space, creating 
an avenue for risk-free information 
sharing, decentralization, and ultimately 
industry-wide standardization. The end 
goal is for the default security solution to 
stop deferring to the creation of device 
and network silos, which are themselves 
a significant risk factor, and instead 
gravitate toward a distributed, 
democratic trust-generating framework. 

For much of the past half century, device 
and network security has operated in a 
silo mind-set, with most environments 
(regardless of criticality to society and 
business) based on centralization of data 
and processing. As such, each of the 
supporting devices within such 
ecosystems becomes a potential point of 
weakness, resulting in imminent failure 
in the event of an attack. This is 
incredibly risky, as the compromise of a 
single networked device would 
undoubtedly allow the attacker to gain 
access and control over an entire 
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network, and abuse this level of access, 
whether the environment is a traditional 
business, industry or nation state 
agency. 

At this juncture, the threat actor has the 
capability to wreak havoc in terms of IP 
exfiltration and ownership of critical 
applications and impersonation, 
becoming in effect an APT (advanced 
persistent threat). Such a threat could go 
undetected for weeks, months, years or 
indeed indefinitely. Threat actors exploit 
business critical systems for personal 
profit, to further the agendas of certain 
groups or power structures, or as an act 
of cyberwar or cyber-espionage. 
Needless to say, the results generated 
by the traditional siloed cybersecurity 
framework have often under-delivered; 
however, these same technigues and 
underlying weaknesses continue to 
prevail in the current industry norms, 
making countless networks vulnerable to 
exploitation. 


Current cybersecurity solutions need to 
leapfrog these threats. The Naoris 
cybersecurity ecosystem introduces 
fundamental changes to the traditional 
approach, which address these risks. 
Based on market-leading, proprietary 
and proven new technology, and backed 
by a team of experienced cybersecurity 
and blockchain experts, Naoris aims to 
become a real game-changer. The 
company's objective is not only to 
exponentially improve data security and 
verification, but ultimately to play a 
fundamental role in the ongoing 
evolution into the cybersecurity 
landscape of the future. 

As technology evolves and the Internet 
of Things (IOT) becomes more central 
and relevant to our existence than ever 
before, cybersecurity needs to evolve 
too, and fast. The market is ripe for 
change, and Naoris 1 innovative platform 
represents the logical next step. 
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2.INTRODUCTION 


This paper will discuss the weaknesses 
that are found in cyberspace along with 
the huge number of dangers to nation 
state structures and infrastructure, 
regulated organizations and industry 
from a theoretical and practical 
standpoint, and the proposed blockchain 
backed solutions. 

The most fundamental argument of this 
paper is that the evaluations presented 
every year by systems and cybersecurity 
experts at large, including by various 
global studies which conclude that 
cyberspace is an expansion of warfare or 
solely a war-fighting domain, are 
essentially reductive and 
unrepresentative of the real nature of 
what is happening today and its impact 
given the traditional defensive paradigm. 

Cyberspace is a constantly changing 
space, highly disputed andaoneofa 
kind environment without precedent in 
human civilization. If anything, it 
encompasses the traditional war-fighting 
domains, as an essential part of this is 
the need for complete inter-connectivity 
and insight into practically all aspects. 

We feel that a new paradigm of research 
is needed into the nature of what makes 
traditional networks and their assets 
weak. The paper will focus on a 
multidisciplinary approach in assessing 
cyberspace weaknesses and its 
proposed distributed consensus 

1 httP5://www.c5Qonline.com/article/3132722/5ecuritu/ 

cubersecuritu-industru-outlook-2017-to-2021.html 


solutions. It will bring together the areas 
of sociology, technology, computer 
engineering, physics and global security 
research. 

Today's world is overrun by malware, 
lack of enforcement of standards, hacks 
and fraud. Cybersecurity is the fastest- 
growing domain in the IT industry. It is 
based on a model that has remained 
static for 35 years, while hackers 
innovate and accelerate ahead, projected 
to cause up to $6 trillion in annual 
damage by 2021, up from $3 trillion in 
2015. 1 

When we know that each new 
connection makes a network weaker, and 
only 51% of the world population is 
connected, it is only a small leap to see 
what the impact to the world economy 
will be in the near future. To compound 
this, the traditional approach to 
cybersecurity is a centralized one that 
often acts as a single point of failure. 2 
Every device, every end-point is a 
potential point of penetration to the 
customer network. An attacker can move 
up in the system once he discovers the 
vulnerability and obtain critical files or 
exploit the system's weaknesses. 

The paper will begin with a theoretical 
evaluation of networks and their 
concepts to show the huge inter¬ 
connectivity and the weaknesses they 

2 httP5://thenextweb.com/contributor5/2017/D4/11/current-global 

-state-internet/ 


05 






bring about in the sphere of 
cybersecurity. This will be followed by a 
segment focused on the complexity and 
self-similarity theory. This will 
demonstrate the 'cascading event' 
brought about by the fact that cyber¬ 
attacks journey across organizations 
much alike weather events journey 
across the planet, and impact all other 
ecosystems; thus, they represent 
substantial dangers if misunderstood 
and misinterpreted. 

The subseguent chapters of this paper 
will transition from thought to practice, 
and exhibit the boundless circumstantial 
weaknesses and solutions to the 
relevant cybersecurity domains within 
those case systems. The various sections 
of the paper will pay attention to the 
methodology of subversive strikes like 
social engineering and several use case 
analysis from a risk perspective. These 
solutions are based in various cyber 
domains to show the gigantic risks posed 
by both state-backed attackers and non- 
state-backed sophisticated threat actors. 

The paper will conclude with an overview 
and suggestions to restrict future cyber¬ 
attacks within the current threat universe 
where we are all increasingly more 
connected (meaning that the 
vulnerabilities and risks are set to 
increase and need a fresh approach). 


2.1 Historical Background of 
Distributed Systems 

The notion of provable distributed truth, 
i.e. provable distributed integrity, has 
existed since the beginning of networked 
computing. The use of concurrent 
processes that communicate through 
message-passing had its origins in 
operating system architectures studied 
as early as the 1960s. 

The Advanced Research Projects Agency 
Network (ARPANET) was an early packet 
switching network and the first network 
to implement the protocol suite TCP/IP. 
Both technologies became the technical 
foundation of the Internet. 3 

The first widespread distributed systems 
were local-area networks, like Ethernet, 
which were devised in the '9705. 
ARPANET itself, the predecessor of the 
internet, was released for testing in the 
late '9605, and its email was devised in 
the early ^Os as a federated 
environment. 

E-mail became the most prosperous 
program of ARPANET, plus it is most 
likely the earliest example of a large 
scale distributed application. The 
analysis of distributed computing, from a 
perspective of local architectures and 
networks became its own branch of 
computer science. 


3 https://en.wikipgdia.org/wiki/ARPANET 
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Besides ARPANET, and its successor, the 
World Wide Web, other ancient global 
computer networks included Usenet 
along with FidoNet from the '9805, both 
of which were used to support 
distributed discussion boards. Despite 
this success, the more complex tasks, 
largely related to cybersecurity, were 
mostly relegated to pseudo- 
decentralized environments at best, 
namely more mature federated systems 
that are still employed today in 
cybersecurity, SIEMs, AVs, CAs, etc. 

However mature federated systems may 
be today, they fundamentally lack the 
capacity to deal with truth, and operate 
mainly on a premise of trust. 

2.2. Generating Risk by 
Outsourcing Trust 

Within any corporate or critical 
environment, having a central point of 
governance should produce the 
assumption that any infrastructure will at 
some point be compromised, or 
vulnerable to falling prey to external 
power structures with their own 
agendas, if it is not in that state already. 
The fact is that trust is an asset that 
cannot be outsourced without incurring 
massive risk, despite the circumstance of 
the centralization and the intricacies 
offered by it and/or with all the people 
operating those tools on the organization 
or client's behalf. 

Itshouldalsobe assumed that the 
current infrastructure is already 
compromised, or will be in the future, due 


to lack of best practice. As such, the 
more crucial and valuable the resources 
at play, i.e. strategy plans, mergers and 
acguisitions and other important 
documents, Intellectual Property (IP), 
Personal Identifiable Information (Pll) 
databases, etc., the higher the likelihood 
that a threat actor will, or is, endangering 
this digital asset, which if compromised 
and left unchecked could lead to a 
survivability event for the business or 
otherwise monetary and/or reputational 
damage. 

Today, in order to achieve the task in a 
reasonably secure and distributed 
manner there are various solutions to 
choose from, as mentioned above. These 
solutions, however, are not perfect and 
rely on strategies that must be put in 
place to otherwise circumvent some 
vulnerabilities with this model, while 
keeping it clearly ahead of traditional 
technologies used in this space. As such, 
in order to achieve a design of a system 
that finds deceptive inputs from 
malicious actors that own nodes or have 
subverted them in their workings while 
discouraging such subversion activities 
we suggest that the most important 
crypto-cyber platform of the current age 
is going to be the one that focuses 
mainly on the way to pick the ideal 
model for the job at hand. 

This entails providing a safe, 
performance-heavy and light-processing, 
elastic consensus mechanism, relying on 
multichain backups for added resilience 
and trusted-nodes following a 
permissioned-defined list of rules of 
engagement. The consensus mechanics 
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themselves may be paired using almost 
any technique of Sybil immunity to 
generate an openly verifiably secure 
environment for such critical backbone 
transactions. A Sybil attack is an attack in 
which the identities of the node are 
subverted and the large number of 
pseudonymous identities is produced to 
gain the access of the network. 4 

In contracts that are well created, the off- 
chain data origin is a trusted-node of 
high seniority. 

The year 2017 was the year where 
incidents in the cyber threat arena 
resulted in the definitive recognition of 
some universal truths. There was 
unwavering evidence regarding 
monetization procedures, attacks to 
democracies, cyberwar, transformation 
and abuse of malicious infrastructures, 
along with the dynamics contained in 
threat agent groups. 

However, 2018 has also attracted 
successful operations against cyber¬ 
criminals, albeit not sufficient. Law 
enforcement, governments and 
businesses have successfully shut down 
illegal dark markets, de-anonymized 
most of the Darknet and arrested cyber¬ 
criminals. Moreover, state-sponsored 
campaigns were revealed and specific 
intelligence regarding such technologies 
deployed by nation states were also 
leaked, potentially benefiting the privacy 
of citizens and the rule of law while 


allowing cyber criminals to have access 
top nation-state level hacking tools thus 
making society more unsafe and 
opening the way to cyber-terrorism. 

The cybersecurity community remains 
far from hitting the balance between 
defenders and attackers. Although 2017 
and 2018 have achieved records in 
security-related investments, they have 
also brought new documented cyber¬ 
attacks of manual sorts, global data 
breaches, and costly information loss. 

From this clear standpoint, one may 
argue that there is a market failure in 
cybersecurity; that is, the fact that 
theoretically higher defense levels and 
higher associated expenses cannot 
successfully reduce levels of real world 
cyber threat exposure. Whether that is a 
result of a segmented cybersecurity 
marketplace, lack of awareness or 
capability, are themes of vibrant 
discussions in the corresponding 
communities. 

The simple fact is, however, that in 2016, 
2017 and 2018 so far, there was a clearly 
documented increased quantity of 
information on the occurrence of 
malicious cybersecurity events and 
cyber-space abuse. This tendency is 
reflective of the high amount of interest 
by websites, web services and indeed 
across the whole Internet and traditional 
media regarding cybersecurity problems. 


4 https://www.sdencedirect.com/5cience/article/pii/51877D5091600082X 
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In summary, some of the main trends in 
the cyber threat landscape over the 
course 2017 and beginning of 2018 were: 

° Amount of attacks and expertise of 
malicious actors in cyberspace continues 
to increase 

° Malicious infrastructures keep evolving 
their capabilities involving multipurpose 
configurable functions for traditional 
cyber-defense subversion such as 
anonymization, detection and encryption 
evasion 

° State-sponsored attacks are one of the 
most omnipresent malicious threat 
agents in cyberspace. They're a top 
concern of governmental and 
commercial defenders, traditional cyber¬ 
defense environments do not seem to be 
able to protect such high value targets 
from advanced attacks 

° Cyber-war is entering heavily into 
cyberspace creating increased worries to 
critical infrastructure and industry, 
especially in areas that are critical but 
legacy or are in budgetary crisis or 
geopolitical crisis 


2.3 Current Perspective on 

Cyberspace 

Today, it is evident from the degree to 
which it has become ubiguitous to use 
multiple devices across multiple 
networks, that such complexity passes 
mostly undetected in our own lives. 
Thanks to mobility, traditional computers 
have evolved from mainframes to 
portable laptops, to powerful mobile 
phones, smart-watches, smart-cars, 
smart-refrigerators, smart-homes and 
tablets - all connected. Computers have 
experienced a massive change from 
mainframes to very portable devices. 

We end up dependent for most of our 
computing, work and play on the World 
Wide Web, the Internet and other 
supporting mobile wireless networks. An 
incredible variety of kinds of hardware 
systems, architectures and networks are 
connected to form a worldwide 
cyberspace. The absolute penetration of 
networks and technology in 
contemporary society means that 
everyone and everything are to some 
level connected even in the most remote 
of locations. It is at this moment that we 
as a society and as users stop to fully 
comprehend the authentic inter¬ 
connectivity of today's world due to its 
sheer complexity and start to overlook its 
vast vulnerabilities and risks. 

From an individual perspective, 
cyberspace is just a "platform" in society 
as described previously. It is a fluid and 
constantly developing 'living system' or 
network, and also an environment that 
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has so many things happening at once 
within it that it just happens to be very 
far from governable. When it comes to 
governments attempts to come up with 
effective policy, governance systems, 
compliance rules and laws to try to cut 
back on the ever increasing number of 
cyber-attacks, these attempts are 
present and documented, but siloed and 
behind the curve of innovation, which 
can be exemplified through various 
regulations, i.e. Data Privacy Shield, or 
GDPR, having lasting success at these 
attempts seems inherently tricky as time 
moves forward and digital complexity 
grows. 

The sophistication and dangers 
originating from this varied phenomenon 
are not currently guantifiable, only 
estimates exist that due to the fact that 
these are best-efforts led within specific 
time frames, within specific 
environments and concluded through 
limited intelligence and budgets, it will be 
indeed impossible to ever achieve truly 
global actionable consensus. Even 
though there is not international 
definition of network theory, a network is 
characterized by scholars as a 
"complicated pattern of connections 
among numerous interdependent 
elements”. 5 

Scholars of network theory recognize 
that since networks are complicated and 
centerless like the systems that make up 
cyberspace as we know it, deep levels of 

5 https://academic.oup.com/comnet/article/2/3/203/2841130 


uncertainty are inevitable in generating, 
managing or planning security 
environments for complex networks. As 
will be discussed further on in this paper, 
despite the lack of feasibility in achieving 
full understanding of complex global 
networks and their weak points in 
federated organizations, a blockchain- 
based approach of'divide and conguer 
through consensus' is possible and 
indeed verifiable. 

When we take network theory and 
proceed to apply it within cyberspace, 
then it appears vastly important from 
both a theoretical and practical 
standpoint. Cyberspace is a significantly 
networked environment and as such, it's 
completely interdependent because of 
its operational objectives and the nature 
of its services provided to organizations 
and consumers. It is, in essence, a 
worldwide network of programs in which 
fresh and varied technologies have been 
continually developed and deployed on a 
daily basis, and as widely known, despite 
of efforts in the contrary, there are 
vulnerabilities in these technologies and 
supporting frameworks. 

There is also no such thing as linear, 
expected inherent risk, danger or 
vulnerability of a cyber network or a 
protocol, software or otherwise any 
method despite the wildly illogical 
current strategy that current controls in 
the space follow of opting for the 
'proving the negative' tactic with 
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expected current low probability results. A 
completely different approach is 
suggested in this paper, with an identical 
principle placed on the control of risk, 
vulnerability, truth and trust in the digital 
universe. 

The context of such problems are best 
described with self-similarity theory 
through the dynamics which freguently is 
observed within study cases on such 
types of theories called the 'cascading 
event' dynamic. The self-similarity 
concept in the context of networks and 
systems is a time developing 
phenomenon that keeps constant the 
more you zoom into the network, it is said 
to exhibit self-similarity if the numerical 
value of certain observable guantity of 
devices in this case {f(z,t)} f(z,t) measured 
at different times are different but the 
corresponding system criticality rules of 
devices irrelevant of their inner 
complexity at a given value of {z/t A {y}} 
{z/t A {y}} remain invariant. This 
phenomenon seems to happen in 
networks, it happens if the quantity {f(z,t)}, 
f(z,t) exhibits dynamic scaling, just as in a 
fractal. The idea is just an extension of the 
idea of similarity of two networks in this 
case. Note that two networks are similar if 
the numerical values of their devices or 
systems are different however the 
corresponding system criticality rules, 
such as the criticality of the applications 
on their devices, coincide, with 
adjustments which can't be fitted into an 
easy linear paradigm. 


The cascading event is a scenario in 
which if 'ripples' disperse across areas or 
sectors from the point of source, changes 
can be proven incrementally, in this case 
through an ecosystem of consensus 
given the right incentives if the various 
parts of the fractal network to do the 
right thing being fully conscious of the 
truth on other fractal locations. We've 
established in the former paragraphs 
that many networks and systems don't 
normally function in a simple linear 
fashion and neither have linear risks or 
vulnerabilities, but this same risks or 
vulnerabilities tend to create new risks 
either by repetition or by inheritance. 
Within this case once we employ the 
cascading event into some cyber-attack 
it efficiently transforms into some multi¬ 
sector cyber-attack. This enables or 
permits the occurrence of the very 
unsavoury prospect of the destruction or 
the harming of a large number of critical 
sectors like critical infrastructure or 
government structures by focusing the 
cyber-assault within an organization 
which might look to the unsuspecting 
observer as less crucial *(56% of cyber¬ 
attacks occur through third parties). 6 
Therefore, leaving the any nation-state 
or critical infrastructure for that matter 
available to weaknesses that can be 
exploited due to weak implementation of 
security policies of a completely different 
allied nation-state, industry or sector. 


6 https://www.csppnlin0.cpm/articl0/3i9i947/data-br0ach/what-is-a-5upplu-chain-attack-whu-UPU-5hpuld-b0-waru-pMhird-partu-prpvid0rs.html 
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2.4 Value of Cyber Assurance 

Modern society is dependent on the 
equilibrium of complicated infrastructure 
programs for virtually every economic 
and social purpose. The damage that can 
incur both from cyber-war type attacks to 
future cyber-terrorism is very well known 
and accepted from nation-states and 
their agencies (US's Cyber Command, 
UK's Cyber Defence Force and Cyber 
Incident Response team) regarding the 
dangers that risks such as the ones 
coming directly or indirectly from cyber¬ 
attacks could have regarding its crippling 
impact on the country's economy, health, 
safety, and security. The vital value of 
infrastructure is a consequence of 
developing lasting interconnectivity. 

Likewise, individual business sectors 
within a connected economic model are 
inherently shaky, and disturbance in any 
single industry can activate a ripple 
through the economy impacting 
businesses that indirectly and directly 
interact with the impacted sector. 

Ex. 1. A nuclear power station or a PLC's 
and SCADA systems are attacked using 
the notorious Duqu malware, its core is 
shutdown as graciously as possible to 
prevent damage, this creates issues with 
power and voltage levels in an aging 
electrical infrastructure affecting 
hospitals, airports, dams, and even the 
stock market creating unmanageable 
brownouts heavily affecting the 
economy and causing loss of life through 
a cascading event. 


Ex. 2. Most banks use the SWIFT 
System, a federated system, if one bank 
SWIFT is subverted, chances are most 
will be, the cascading event would 
paralyze areas of the economy directly 
dependent on quick loans, that would in 
turn paralyze other more diverse sectors 
of business through a cascading event, 
etc. 

This shows the deep significance and 
importance of changing perspective of 
understanding regarding cyberspace 
from the traditional approach to a 
multidisciplinary or even a non-standard 
theoretical standpoint. Network theory, 
self-similarity concepts and the 
understanding and consensus needed 
around critical environments and the 
negative energy unleashed by cascading 
events contribute greatly to the field of 
cyber security and its solution -finding 
quest 

Theoretically, and also in the real world, it 
is very crucial to comprehend the size of 
interconnecfivity across the world, it is by 
understanding a cyber-attack within a 
single sector or area which might not be 
deemed important but that can have a 
massive effect on a country's safety, that 
we have the power to envisage and 
indeed project solutions to this important 
problem, creating better answers and 
new approaches based on the 
blockchain, enabling new techniques 
never possible before in a robust manner 
that can indeed deal with cyber-attacks 
now and in the future by following new 


models and plans of defense through 
distributed systems and areas of business 
separated in principle but together in 
consensus. Additionally, it helps 
professionals within those organizations or 
structures with devising effective coverage 
and ensuring that the security and 
sustainability of their physical and virtual 
universe is maintained through control and 
verifiable unbiased visibility over various 
cyber domains within their network and 
outside of their environment. 


I 3. NAORI5 SECURITY ECOSYSTEM FRAMEWORK 


Together with the growing presence of 
connected, centrally-managed 
technologies, our privacy, security and 
safety depends heavily upon the 
accuracy and validity of critical 
information. Various attempts have been 
made and innovations designed to 
eliminate the need for centralized 
entities controlling the flow of critical 
data, cryptographic keys and other 
logical assets, but each of these efforts 
has in the best of conditions relied upon 
the locally managed integrity of various 
digital apparatus collecting, managing 
and updating devices, systems and 
environments managed by humans or 
centralized governance structures, we 
propose consensus based approaches 
that improve markedly the capacity to 
manage, detect and react successfully 
and timely to breaches of integrity, 
validity and trust. 


Naoris, for the first time, aims to 
decentralize security and create 
standardization through the blockchain. 

In this section we will show conceptually 
the changes that the Naoris Security 
Ecosystem (Naoris SE) consensus can 
bring about in the space of cybersecurity. 

The Naoris Security Ecosystem (Naoris 

SE) allows for pseudo-partitioning in a 
shard like manner such that nesting 
Verge Clusters (VCIusters) can inherit 
optionally global rules of superseding 
shards simplifying rule making and 
allowing for streamline rules across for 
example industry verticals that in many 
cases share the same risks and use the 
same kinds of core applications or indeed 
even the same federated or cloud 
services. 
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t = timestamp, L = compromise, X = failed validation, V= confirmed validation 


Diagram 1 - Naoris Security Ecosystem zoomed in, verification of transactions based on industry vertical rules and company policy 


Naoris' virtual and hardware based 
appliances may act as confederated 
secure validator nodes allowing clients to 
participate in the effort of securing local 
and far away environments. 

Based on industry rule in a trustless 
manner through the use of a secure pre¬ 
built environment setup for the needed 
work, enabling secure state monitoring of 
systems, logs or even Information 
Security Standards following the rules 
set by pre-defined owners across to the 
Role Based Access System (RBAC) 
system. 

Naoris SE Command and Control (CS-C) 
accepts inputs in the form of scripts 
through the API. The setup of various 
rules regarding the security strategy of 
the environments under management 
they want to keep track of for various 
reasons (such as compliance, best 
practise, patch-levels and even secure 


secure baselines of mobile devices) shall 
be under management and full control of 
the owners of the specific VCIuster 
domain. 

TIER 2 
NODE 

□ a ■ 

• -V • - • 

TIER INODE TIER 3 NODE 



Diagram 2 - Naoris orchestration or SE Command and Control will 
assign criticality to various transactions which will be confirmed by 
different levels of tier nodes 

More details regarding access control 
and permissions will be provided further 
in the paper. 
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3.1. Threat Detection 
Mechanism 

First, the detection of threats. Threat 
detection happens when an anomaly 
occurs within a device, or area that is 
under integrity based 'surveillance'. This 
detection itself is based on three data 
points, namely identity through SPOE 
(Smart Proof of Existence), rules through 
the Naoris SE C&C management system 
and behavior. Each device on the 
network needs to prove its identity 
through a rigid Know Your System (KYS) 
procedure through SPOE so that any 
fault happening can be traced to the 
source and an action if available, 
activated. Once we know the identity, 
behavior needs to be established. 
Interestingly behavior can only be 
established if a device is observed. 

Much like the metaphorical tree in the 
forest, if it is not observed we do not 
know if it makes a sound. With the 
implementation of the Naoris network 
each nodes observes and validates the 
behavior and state of other nodes and of 
environments under observation rules 
set by the Naoris SE C&C, and thus 
establishes their 'normal' behavior from 
an integrity perspective and optionally 
through Bayesian based Al learning 
algorithms like the ones used in 
Modelled Consensus Secure Baselining 
(MCSB), described further on this paper. 
Once a device starts to deviate from its 
normal behavior an alarm signal is send 
to the owner (this is why identity and 
access management is important) to take 
adequate action or if defined an 


orchestrated action is set in motion 
supported through network consensus. It 
could very well be that the device is 
being reissued for a different application; 
it is the responsibility of the device 
owner to take appropriate measures 
either manually or set up orchestration 
rules. 

This novel approach to cybersecurity 
means that no matter the device once 
they are connected to the Naoris 
platform, behaviors, identities and rules 
can be established recursively for the 
VCIuster (Verge Cluster), consensus is 
achieved through randomly selected 
validators across the same and other 
external VCIusters meaning that every 
device added to the network makes the 
network initially exponentially, and then 
linearly more secure. 

In this section we set out to show how 
combining a blockchain ecosystem that 
is focused on achieving its objectives and 
Al empowers all players on the network 
to help each other be more secure 
through networked zero-hour detection 
as consensus is achieved in single digit 
seconds. By not only detecting the threat 
but also facilitating fixes and mitigation 
actions we believe that Cybersecurity can 
start working more effectively and 
efficiently. In synthesis by combining 
state of the art blockchain consensus 
mechanisms from an agnostic 
perspective with techniques that 
leverage the nature of the blockchain for 
cybersecurity, we work to make our 
vision a reality. 
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3.2. Naoris Blockchain 

In the previous section we discussed how 
we want to secure traditional networks, 
in this section we'll introduce how we 
suggest that can be established. Naoris 
5E is made of various key components (a 
resumed view of these can be found in 
the 'Summary' section). Each element 
introduced here will contribute to a more 
holistic and inclusive security for all users 
and digital devices that form part of the 
Naoris SE environment. The Naoris 
project relies on identity verification 
through the Distributed Identity 
Validation Authority (DIVA), on top of 
that we use Smart Proof of Existence 
(SPOE) to establish unigue sources of 
truth to achieve truly attributable 
behavior regarding data sources, devices 
or other digital assets. Each device can 
easily be a participant in a living 
breathing ecosystem focusing on 
maintaining security and integrity of 
systems and digital assets across various 
networks. 

Without pseudo-separated blockchain 
interoperability, blockchain-based 
services will either deliver services only 
within the confines of the limited 
customer base that runs its nodes, or 
sacrifice the unique security properties of 
the blockchain in delivering more limited 
solutions to more centralized entities. 

From the perspective of blockchain 
technology, if blockchains are to achieve 
their true potential, then interoperability 
between blockchain elements or 
sidechain areas and services is required, 


in the case of Naoris SE these are called 
VCIusters or Verge Clusters that hold a 
collection of devices that operate under 
the same owner or contract, more details 
on these will be available further on the 
paper. 

3.3. Delegated Proof of Stake 

The DPOS algorithm can be divided into 
two parts: 

1- Electing a group of block producers 

2 - Scheduling production 

Delegated Proof of Stake is robust under 
every conceivable natural network 
disruption and even secure in the face of 
corruption of a large minority of 
producers. Unlike some competing 
algorithms, DPOS can continue to 
function when a majority of producers 
fail. During this process the community 
can vote to replace the failed producers 
until it can resume 10D% participation. 

We know of no other consensus 
algorithm that is robust under such a 
high and varied failure conditions. 

Instead of allowing all users on the 
system to confirm trades, DPOS allows 
nominal token holders to vote 
(proportionally with their holdings) to 
select a few of users to affirm the validity 
of prospective blocks. By cutting back on 
the number of validators and requiring 
these to meet minimal performance 
conditions, DPOS creates a network that 
operates faster. 
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The continuous real-time voting to select 
delegates brings about a few new 
elements to consensus algorithms: 

It gives each nominal token holder the 
ability to determine what is going on 
within the system; it also creates a 
demand for delegate standing or 
reputation. If a user does not have a great 
standing within the community, then the 
user is unlikely to be elected, as users 
may attempt to elect people that operate 
in line with the needs of the system. 
Finally, it removes the competitive 
element of PoW/PoS and as an 
alternative allows delegates to collaborate 
with each other to generate new blocks. 
This eliminates a number of the waste of 
PoW/PoS block creation, where 
ineffective labor is simply discarded. 

Under ordinary conditions a DPOS 
blockchain doesn't experience any forks 
since, as opposed to competing, the block 
manufacturers collaborate to create 
blocks. If there's a fork, then consensus 
will automatically switch to the maximum 
chain length. This procedure works since 
the speed of which blocks are inserted to 
a blockchain fork is directly connected to 
the proportion of block manufacturers 
that share the exact identical consensus. 

A blockchain fork leveraging more block 
producers onto it is going to rise in span 
faster when compared to fewer 
producers, as the fork using more 
producers will probably experience fewer 
missed blocks, other subversive malicious 
actions and/or abuses are also mitigated 


using differenttechnigues and 
strategies. 

Byzantine Fault Tolerance is inserted to 
classic DPOS by allowing most block 
producers to sign all of the blocks 
provided that no single block producer 
signs two blocks with the same time 
stamp or the exactly identical block 
elevation. Once one to five 
manufacturers have signed a block, then 
that block is deemed irreversible. Any 
byzantine producers that would be 
subverting this environment would need 
to build and sign cryptographic proofs, 
thus proving their abuse by repeatedly 
signing exactly identical time stamps or 
blockheights. 

Within this principle of consensus, 
irreversible truth ought to be reached 
within 1 second. 

Naoris BE was designed to run as lightly 
across systems as possible, as a DApp, 
Naoris BE is a distributed cybersecurity 
platform that is agnostic to device or 
operating system, as such, it works on 
top of most networked devices and their 
operating systems in different forms and 
starts by uniguely identifying devices, 
using SPOE (Smart Proof of Existence), 
a cryptographically unigue fingerprint of 
every digital device is generated and 
stored into the blockchain that forever 
identifies each unigue device, this artifact 
is a derivation of the correlation between 
several metadata attributes including 
'time of creation' within the VCIuster, 
owner or on-boarder 
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and other hardware/device drivers 
characteristics in case of a hypervisor 
based system, be it a smartphone, a 
computer, a virtual or bare-metal server, or 
a micro kernels such as the ones present 
in embedded devices and self-driving 
cars. In leveraging the power of the 
blockchain across a truly vast number of 
users across devices and 05 platforms, 
Naoris suggests the usage of an 
environment where critical environments 
and businesses will be able to support 
verifiable and trusted distributed 
resilience, integrity and availability. 

Among the Naoris Network core, there 
has been the clear objective of focusing 
towards implementation of an API that 
allows for the enablement of changes to 
security rules within hereditary shards to 
suit real world security needs of 
businesses and their applications. This 
will allow system administrators, security 
professionals, and Verge Clusters 
(VCIuster) owners to set and manage 
automation capabilities when presented 
with risks. The owner of the VCIuster may 
for example compose clever contracts or 
rules for sidechains and their observed 
platforms in order to interact with the their 
own infrastructure in the case of local or 
remote cloud services for example, 
including setting up script based 
schedulers to trigger needed security 
overviews over third party services or 
applications, just as if it were a traditional 
application programming interface. 


7 https://dictiDnaru.cambridaa.pra/dictiDnaru/analish/intalliaanca 


Such abstractions allow developers and 
administrators to make various types of 
distributed verifications a 
normalendeavour, such that these 
contextual protocols would end up 
increasing intrinsic security maturity 
levels. 

3.4. The Importance of 
Intelligence Backed Actions 

^ ^ Action may be the true way of 
measuring intelligence. 

Napoleon Hill 99 

intelligence noun (ABILITY) 

[ U ] the ability to learn, understand, and 
make judgments or have opinions that 
are based on reason 7 : 
intelligence noun (SECRET 
INFORMATION) 

[ U, + sing/pl verb ] secret information 
about the governments of other 
countries, especially enemy 
governments, or a group of people who 
collect and deal with this information 8 : 

Despite the general 'abuse' in the 
cybersecurity space of the word 
'intelligence', in this context we suggest 
to use it as a means of source of 
knowledge, truth seeking, and judgment 
making based on reason that the 
blockchain ecosystem allows for such 
distributed proofs to be created and 
independently verified, (intelligence 
noun (ABILITY)). 

8 httP5://dictionaru.cambrida0.ora/dictionaru/0nali5h/int0llig0nc0 


18 




3.5. Simplified and Resilient 
Approach to Risk 

Arguably, in regards to security tools in 
general, sophistication is its own enemy 
as so many alarms are generated 
through so many possible attack vectors 
that it becomes unmanageable and 
organizations turn out of cost 
management or due to being 
overwhelmed with possible threats to 
third parties to manage their own 
security, which brings extra risks. Naoris 
5E suggests that it be leveraged by 
organizations to its fullest ending up 
creating an ecosystem in which 
companies and their third parties secure 
each other without the risk of loss of data 
or breach by doing so, becoming an ever¬ 
more resilient and frusta ble super 
environment that does not transfer data 
but, their guantum-resistant one-way 
collision resistant hashes. It is usual for 
organizations to have a bunch of legacy 
or new security products, starting with 
firewalls, cell phone Mobile Device 
Managers (MDMs) and also an end point 
security setup as a minimum, more often, 
much more. 

Security or Security Operations Centre 
(SOC) teams need to manage many data 
sources and deal with threats guite 
quickly; naturally, security teams do not 
possess enough time or the tools to 
pinpoint critical dangers hidden on 
mountains of data. This becomes quite a 
dangerous problem as real dangers slip 
through one of tens of thousands of 
alarms. What's necessary is an 
environment which simplifies and 


orchestrates solutions though a 
distributed ecosystem that is focused on 
maintaining security, availability and 
integrity. Naoris C&C Ul and API offer 
suggested to offer answers to these 
issues backed by blockchain based 
consensus across various VCIusters or 
networks. 

Through the 'ability side' of intelligence 
and by leveraging the SPOE (Smart Proof 
of Existence) associated artifacts, we 
suggest a more conservative, 
transparent, consensual and economical 
approach to the security of systems, 
applications, critical documents such as 
trade secrets or digital IP, access rights, 
databases, security logs, applications, 
virtual systems, installation packages, 
firmware or device drivers or indeed any 
other digital asset. The Naoris 5E strives 
to achieve consensus in an agnostic 
fashion regarding any digital asset, to 
mitigate validator targeted attacks, 
validators are chosen randomly through 
Verge Clusters (VCIusters), so that even if 
a business has all their assets fully 
compromised, the mechanism of 
consensus mitigates such attacks as 
truth is assured by a wide majority of 
randomly chosen outsider validators 
(from other VCIusters) will still provide 
valid consensus on a truth. 

As such, a myriad of threat vectors 
including hard to defend threats like APT 
(Advanced Persistent Threats) and Zero 
□ay malware will trigger hyper-detection 
and hyper-resilience responses though 
the various VCIusters and their SPOE 
identified systems, the continuing 
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operation of validators that roughly 
every second achieve consensus on the 
continued security of a state in exchange 
for rewards and strive to achieve 
consensus regarding a potential breach 
in exchange of extra rewards are the 
main rules and incentivizers of work in 
the ecosystem ensuring that all 
ecosystem actors ensure a secure 
distributed environment regardless of 
where that environment is located. 

In this way if the threats aforementioned 
are present and infect an asset 
somehow, the secure signature changes, 
an alarm is thrown and a resilience or de- 
risking action is spawned and validated 
by random validators ensuring that the 
threat is mitigated for example though a 
failover to a secure state in time if 
resilience capability is present, or 
through sandboxing, firewall rules, 
isolation within a virtual network, 
including all the way to a forceful 
shutdown of the asset in case of less 
critical environments. 


3.6. Parametric Bayesian 
Inferences and Modelled 
Consensus Secure Baselining 

(MCSB) 

Arguably the domain of cybersecurity 
that is experiencing a huge 
transformation is the domain of endpoint 
security. Despite the constant advances 
on this domain to mitigate known threats 
a lot is still needed to in order to achieve 
truly mature-network-sized end point 
protection. We propose a succession of 
techniques in order to do so compared to 
the standard strategy. The objective is to 
predict and avert a wide array of risks 
that can come directly or as a cascading 
event as mentioned in previous chapters. 

The risk of a specific network area can be 
directly influenced by the criticality of 
applications and data being consumed 
by a specific business process, the risk 
that a change or a new application can 
be malicious can be determined by 
several means, it can be by the user that 
made the change, portion of the change, 
timing of the change, rate of changes per 
period of time, previous historical 
records on changes, circumstance of 
other running applications, and a number 
of other different activities. Therefore 
whenever there is a certain sort of 
information, in order to process a single 
definite result based on probability or 
assessment of risk Bayesian networks 
can be used in order to create 
whitelisting / blacklisting rules validating 
over time through consensus. 
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The Bayesian network's formalisation 
was devised in order to allow for an 
efficient representation of probability 
given a list of truths. The procedure 
enables a system to learn from 
experience, and it unites the areas of Al 
and neural networks. 

In this context, Naoris BE enables the 
owner of a certain VCIuster, through the 
Naoris DApp for C&C to set learning 
timers for different systems, an example 
can be given for a potential critical 
system, where the owner set learning 
timers are of an initial 30 days, where all 
applications that run there should be 
known and identified uniguely, all the 
libraries called should be known and 
identified uniguely, all the device drivers 
enabled should be known and identified 
uniguely, etc. These will all be part of a 
secure signature that is going to be 
collected by the sensor on the system 
and stored on the blockchain for that 
specific SPOE identified device. 

There are guite a few applications of 
such a technique, notably finding 
potential malware or otherwise 
unwarranted or untrusted software 
running alongside well known and 
expected applications, even a certain 
executable that was known but suddenly 
has a different signature due to a code 
injection attack or the use on an 
unwarranted or subverted library, and 
even risky malwareless system actions 
like: 

- running a command as super user or 
root, 


- connecting to the internet through an 
insecure protocol like SMB, RDP, FTP or 
an Anonymous socks5 Proxy among 
other examples. 

After the timer has passed the Modelled 
Consensus Secure Baselining (MCSB) is 
defined and may be used as a parameter 
for Bayesian inferences made by the 
swarm Al engine in a future disturbance 
of that same expected secure signature 
in order to release an action as pre¬ 
defined or an alarm to the C&C console. 
More information regarding access 
control for the definitions of such actions 
and permissions is presented on the next 
three chapters. 

3.7. Threats Mitigation 

This mitigation of further spreading of 
the infection or threat actor across the 
network allows for a massive decrease of 
risk in comparison to traditional 
environments. The current'living off the 
land' time (2018) that averages 101 days 
since infection or breach to detection and 
response is offset even more by days, 
weeks, months or even years of cyber 
forensics to find the origin, the motive, 
the modus operandi of the threat and the 
extent of the breach. This delay gives 
attackers a massive advantage that 
allows them to completely own 
infrastructures across organizations, 
impersonating users across roles, 
leveraging every running or stopped 
application for their own agendas, 
putting business credentials and 
reputation at risk and with it every digital 
asset, indeed such threats might never 
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be detected using traditional techniques 
and are potentially survivability events 
for organizations. 9 

The approach suggested by Naoris 5E is 
eminently possible by design within its 
ecosystem, its realization is indeed 
verified in a distributed manner by 
design in an agnostic fashion and 
independently audited, can be beneficial 
in many circumstances. 

Awareness of the defending 
environment upon which a breach is 
achieved through the interpretation of 
historical chain data stored through rules 
or MCSB and also valuable associated 
metadata like timestamps, UAUID 
(Universal Asset Unique Identifiers), 
chain of custody, etc. During an event of 
compromise, this data can be used to 
react manually though the Naoris 5E C&C 
environment or to set in motion an 
orchestrated action defined based by 
simple action-reaction scripted triggers 
that would, according to best practise 
vary according to asset criticality. This 
inviolable source of contextual data shall 
also be helpful towards a future cyber¬ 
forensics investigation to validate 
provenance and method of breach, 
timeframe of compromise, thus allowing 
for a successful recuperation of a system 
to a time prior to the potentially 
unknown malicious event. 

This enables in effect for immediate de- 
risking of an otherwise potentially critical 
situation, Naoris 5E allows the truth of 


environments 'states' to be defended as 
the validity of such truths become 
universal knowledge ready to be 
cryptographically validated by an 
ecosystem primed by rules that seek the 
successful validation of its defined 
maintained security levels or for higher 
rewards the finding of a potential costly 
internal or external bound breach, 
misuse, or mistake. 

Abuse of the ecosystem is taken into 
account with various mitigation 
strategies mentioned above, including 
the fake breach spamming attack, where 
a threat actor in charge of a validator 
node of a certain tier generates fake 
insecure states ad-infinitum hoping to 
validate such states for more rewards. 
Due to the nature of the algorithm that 
allows for block signing, validators are 
chosen randomly across various 
VCIusters, as such the threat actor would 
have a loss due to the fact that it would 
spend more CPU cycles and electricity 
during the creation of fake proofs than 
he would receive in the off-chance event 
of his node being randomly chosen for a 
proof. This in turn would even make life 
more difficult for that node as it would 
become blacklisted for repeated 
perceived "bad behavior”, this would be 
synced across the network making this 
threat unfeasible. 


9 https://www.darkreadinacom/analutics/5tealina-data-bu-living-off-the-land/d/d-id/1322063 
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Intelligence, in the Naoris 5E context is 
indeed intelligence that allows the ability 
to act on a certain truth, implemented 
with wider network security in mind. This 
results in an informed and speedy 
activity that is required to stop cyber¬ 
attacks or thwart any future malicious 
achievements. Through the processing of 
actionable, well-organized and 
recursively validated information 
mirroring real events on real 
environments stored on the ledger, the 
essential nature of this resource is 
maintained with the firm belief that such 
info be it recent or historical is needed 
now more than ever. IT and security 
businesses are overrun with 
unmanageable and uncorrelated levels 
of data in multiple, independent security 
deployments, which makes it very hard 
to come across critical dangers buried in 
mountains of possibly interesting data. 

3.8. Management, Handlers 
and Roles 

Role Based Access Model (RBAC), 
Handlers and Role Orchestration 

Using role-based access control (or role 
based permissions), adds a second layer 
of categorization on top of what is 
supplied by user based accessibility or 
discretionary access control, which can 
be a poorer approach. Users continue to 
be given a login, a signature, a Multi 
Factor Authentication (MFA) key and a 
password, but rather than their access 
being determined in an individual level, 
role based access enables users to be 
assigned to groups that are in turn 


assigned specific capacities. 

Examples of common groups include 
Owners, Editors, Viewers, Users, etc. This 
approach has a couple of benefits over 
user-based access. By way of example, 
it's much simpler to edit user capabilities 
in bulk, because changing the 
permissions of a particular role will alter 
the settings for all users assigned to that 
job. It is critical that authentication and 
permission management be 
standardized and separated from the 
business logic of the application. This 
enables the user deemed the Owner of 
the Verge Cluster (VCIuster) to spawn the 
first change in their Naoris Command 
and Control Distributed Application (C&C 
□App) to manage permissions in a 
general-purpose mannerand also 
provide significant opportunities for 
performance optimization. 

Every account may be controlled by any 
weighted combination of other accounts 
and private keys, within any modern 
environment, best practise demands that 
multi-user, multisig control organized 
permissions are the single biggest 
contributor to security, and, when used 
properly, it can greatly reduce the risk of 
account breach due to hacking, or 
otherwise an internal threat. 

For environments with ordered 
hierarchies inside their VCIuster, and 
defined information-sharing policies, 
role-based accessibility has become the 
most efficient method to handle 
permission settings. 
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Within each VCIuster each key account 
may define scripts that govern their 
specific VCIuster from a security project 
level or policy level delimiting areas of 
High, Medium or Low criticality for 
specific applications, files, libraries, logs, 
kernels, databases or even singular or 
groups of systems that are stored in their 
own private database within that 
VCIuster. Roles can be set on other local 
accounts through the Naoris C&C DApp, 
where key project members determine 
the right level of access and rule setting 
parameters and permissions. 

Block producers verify such transactions 
through normal validation work. 
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3.9. Named Permission Levels and Validation 


Each named permission level defines an 
authority for the positioning role; an 
authority is a threshold multi-signature 
check consisting of keys and/or named 
permission levels of specifically defined 
accounts. 

Orchestration management scripts may 
also define triggers on additional smart 
contracts within that same VCIuster, the 
5POE algorithm will kick in automatically 
and generate the unique artifact that fill 
be associated with the system rules 
across the chain from that point on. 

To support seamless implementation, 
each VCIuster account may also specify 


numerous scopes inside their database. 

The permission evaluation process is 
"read-only" and changes to permissions 
made by transactions do not take effect 
until the end of a block, this allows for 
validation to occur and logs to settle on 
the chain. Any change by any user is 
logged into the blockchain and 
timestamped to mitigate abuse, 
collusion, management fraud and/or 
other types of internal threats. VCIuster 
Tools allow accounts to define what 
combination of keys and/or accounts can 
send a particular manual or orchestrated 
action type to another account. 
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Positioning Role 

Naoris C&C Console 
permissions 

Vduster Tools 
permissions 

Owner 

All viewer and editor 

Create initial MCSB 

Multisig is used 

privileges, plus the 

systems, scripts and 

*(Two Owners Minimum) 

ability to view deployed 

smart contracts, deploy 


scripts, invite users, 

script and smart contract 


change user roles, and 

code, update all 


delete scripts or smart 
contract primitives 
including systems under 
the MC5B protocol. This 
account has access to all 
resources within the 
security project, all 
changes except from 
initial spawning is 
validated by the second 
Owner 

configurations 

Editor 

View MCSB on systems, 

Deploy MCSB on 


script and smart contract 

systems, script and 


information and edit 

smart contract code 


settings. Has access to 

with permission, update 


all resources in the 
project and must request 
permission from one 

Owner 

orchestration 


Viewer View MCSB on systems, Request logs 

script and smart contract 
information 
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3.10. Imbued Critical Action 
Delays 


In order to create a resilient system, it's 
important and also deemed as best 
practise to think laterally and create road 
blocks to unwarranted or illegal changes 
or mistakes in order to mitigate them. 

Given this, it is possible that in certain 
situations an advanced persistent threat 
actor has complete and full obscured 
ownership of an environment and all its 
machines and/or thewholeVChainfora 
long time before the time of deployment. 

Despite the multisig reguirements, 
sometimes, due to the criticality of 
actions taken as admin under specific 
circumstances or regarding specific 
mission critical systems forced action or 
orchestration delays are mandatory for 
the first iteration to improve resilience of 
such an environment and mitigate other 
side channel attacks. 

In cybersecurity, time is one of the most 
important resources, if not the most 
valuable resource, this is true both when 
attacking an environment but even more 
so, when defending it. By creating time 
delays to particular actions, even when 
multisig is already included, the threat 
actor can't set up or delete rules in critical 
environments instantly (less than 1 
second), giving precious time to allow the 
owner to recover control of his accounts 
though private key recovery processes, 
these decisions are set up as a policy 


either globally for the whole VCIuster or 
to some systems, applications or rules 
within it. 

There may be some time delay set for 
thresholds. Anything under a certain 
level of criticality may not demand any 
time-delay however for smart contracts 
monitoring mission critical environments 
or critical infrastructure any change could 
lead to a beach or otherwise a cascading 
catastrophe. In this case, it may be 
sensible to decide on a time-delay of a 
couple of days for changes. The client 
shall have the choice to cancel the 
unwarranted or abusive change within 
the time. 

Given the well-known reality of failures 
regarding current defense in-depth 
technigues, system hardening and other 
contemporary security methods, it must 
be admitted that a different approach 
and further best practice is needed. 
Compromise, best be assumed, it's not a 
guestion of if, but of when. Many 
organizations realize that 'defending' 
and 'responding' is no longer as effective 
as it used to be due to the complex 
federated nature of today's networks, 
the centralized nature of the solutions, 
the heavy reliance on hard to oversee 
third party environments and the 
innovative and sophisticated technigues 
and tools employed by threat actors. 
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4. THE NAORIS TRUSTED-NODE NETWORK 


Given today's growing cybersecurity 
risks, the demand for a difficuIt-to- 
disrupt method to complement 
traditional cybersecurity technigues is 
growing. The fact that spoofing, cyber¬ 
attacks and other types of disturbances 
seem to be growing in freguency and 
severity makes thisreguirementan 
important one. Such abuses of currently 
existing infrastructure, architecture and 
protocols have the potential for 
catastrophic impacts on our own lives 
and financial activity. In orderto 
accomplish this need, Naoris operates 
through a set of abstractions that greatly 
reduces the risk of consensus 
compromise or spoofing through a chain 
of zero-knowledge proofs along a 
strategy of diversification of proof points, 
random verifier nodes that are in 
majority outside a set shard are chosen 
for verification of Merkle hash trees. 

This situation ensures that attacks are 
mitigated even on the limit situation of a 
completely subverted corporate network 
in which every verifier node within the 
same shard is acting with malicious 
intent, since regardless how many 
verifier nodes exist within that shard, a 
majority in comparison is always chosen 
randomly from outside of the shard 
where the verification source is, thus the 
probability that the majority of randomly 
selected verifier nodes outside of the 
shard in guestion are also under 
malicious ownership is negligible. 
Resilience is also added to the context of 
the distributed truth finding operations 


through the enforcement of mandatory 
consensus of at least two high-tier trust- 
nodes, these nodes have much higher 
computing power and follow known 
cyber security standards in a verifiable 
manner as such they can provide various 
operations overthe hash tree and the 
source hashes. 

♦ 

0 

*0 

♦ 

11 

VALIDATORS 

Diagram 3 - Naoris blockchain with representation of validators on 
the VCIusters 

From a reward perspective every 
validator node that is randomly chosen 
within a business, or other organization 
receives bonus rewards for validating a 
breach, or otherwise some compromise 
of the ruleset defined when compared to 
normal block rewards, thus ensuring that 
the whole ecosystem main focus is 
sguarely on the task of finding 
malpractice or other malicious subversive 
activities. 

In order to mitigate self-mining or other 
selfish attacks where verifying nodes 
generate “their own breaches of trust” or 
set rules that are constantly broken in 
order to get more rewards, the random 
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Diagram 4 - Transaction validation is being rewarded with NAOS coins 


nature of selection outside of the shard 
where they are located guarantees that 
the probability of one node underthe 
control of the attacker being the one 
chosen to verify the fake breach and 
earn him a reward recursively is 
astronomically low, being discarded and 
as such mitigates this attack as the 
malicious node would spend orders of 
magnitude more in energy needed to 
generate fake proofs than it would 
otherwise gain in rewards from being 
chosen randomly. 


data, data related to intellectual property 
or critical IT and OT industry system level 
sensitivity will hold a more rigid check 
than non-critical data. Each clientwithin 
a VCIuster can indicate what criticality 
level each data item represents and force 
the ecosystem to allocate rewards for the 
correct work at validating security for 
those systems at the required level, 
releasing rewards for each check. 




ANDROID TABLET COMPUTER iMAC SERVER 


4.1. Verifier-Node Architecture 


Diagram 5 - Naoris Blockchain with different types of nodes 


Naoris chain operates on a multi-tier 
validator node system with various levels 
of security. Each security level is 
designed to process secure signatures of 
different levels of critical systems or 
digital processes that can hold critical 
data. Ex. Systems that hold personal 


Each node can accept transactions, and 
act as decentralized computing power. 
There are three security levels: 

1. Basic nodes 

2. Security nodes 

3. Highest Security nodes 
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Diagram 6 - Naoris blockchain with validators on VCIusters 

Basic Nodes 

Basic nodes have the least stringent 
security requirements in the system, and 
they are only permitted to process data 
at the lowest criticality level. They serve 
certain jobs that do not require a high 
level of security, including 
anonymization and validation of basic 
information. 

These nodes keep only a random hash of 
previous blocks and not the whole 
blockchain, since previous blocks have 
already been trusted and validated. 

The basic node network is highly 
expandable, since the process of 
validating new nodes is decentralized to 
network participants, and verifications at 
this level can be simpler because of its 
lower security requirements. 

Security Nodes 

Security nodes require more validations 
and higher cybersecurity standards, and 
they protect more critical data than basic 
nodes. Security nodes will hash twice for 
enhanced security, with the second one 
done under quantum-resistant hashing. 


It takes more effort to verify the machine 
state of a security node because of its 
stricter security standards, so the 
expected reward for doing so will 
generally be higher. In addition, the 
market will generally find a higher price 
for monitoring data at this level, since 
nodes operating in this tier will have a 
higher marginal cost due to the higher 
security standards they're required to 
meet. 

Highest Security Nodes 

Highest Security nodes operate at the 
highest security standards, and monitor 
data assigned to the highest criticality 
level. The 21 nodes in this tier are 
individually vetted and hand-picked, and 
they achieve consensus via delegated 
proof of stake (DPoS). 

Rewards for monitoring and threat 
identification at this level will generally 
be higher than at the two lower security 
levels, which compensates Highest 
Security nodes for the additional security 
standards they must meet to become 
trusted at this level. Like Security nodes, 
Highest Security nodes are hashed twice, 
and under quantum-resistant hashing in 
the second one. 

Because nodes at this level are validated 
at the highest standards, they are 
permitted to process data at all levels, 
though the rewards for processing less 
critical data are lower. This mechanism 
ensures that trusted nodes can fill 
demand at the other two levels to 
normalize prices if the market becomes 
distorted between the three tiers. 
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Each data point has its own security 
requirement depending on industry 
standard and regulatory provisions. Once 
the security requirement is established 
the corresponding node will approve the 
data and receive a reward based on the 
effort that it took to verify the machine 
state. 

Although the Naoris chain is a perfectly 
democratized consensus protocol, 
master nodes and master node holders 
will be held to the highest security 
standards as tiers increase. When a user 
performs an on chain - off chain action 
they inherently need to trust the 
intermediary party to act in the best 
interest of the users to protect its privacy 
and security in that transaction. 

4.2. Establishing Trust in 
Trustless IT Systems 

With the advent of blockchain-based, 
trustless smart contracts, the necessity 
for trusted-node providers that arbitrate 
fairly the results of a given smart 
contract has grown significantly. Most 
present implementations of smart 
contracts rely upon aggregated sets of 
definitive and powerful trusted-nodes to 
settle the results of the contract. In cases 
where the two parties can agree about 
the authority and incorruptibility of the 
designated trusted-node, this will be 
adequate. Despite this being a great 
innovation in itself, there are 
unfortunately, in many cases, the lack of 
appropriate trusted-nodes, or the 
trusted-node cannot be considered of 
authority because of various possibilities, 


lack of hardware performance, lack of 
network performance, or forms of 
subversion such as, selfish network 
attacks, error, other hacks or otherwise 
the corruption of the trusted-nodes work 
through other means. 

Trusted-nodes that process or validate 
critical data or cybersecurity related data 
fall into this class. In the real world the 
trust levels associated with a set digital 
asset item is reliant on the interpretation, 
reporting, exchange, storage, and secure 
processing components of the specified 
digital asset, the same thing can occur 
with cryptographic trusted-nodes, 
governance or validation trusted-nodes, 
that if at all malfunctioning or subverted 
present a real threat of cascading risk 
from their neighboring network 
infrastructure potentially making it easier 
for an attacker to subvert an otherwise 
trusted blockchain system. The risk 
exists not only to the neighboring 
environments through malfunction and 
corruption but to the wider blockchain. 
Risks include data manipulation, data 
contamination, data reduction, DDoS and 
collusion to name a few. 

Platforms like Hyperledger, Neo, 

Cardano, Ethereum and EOS are used to 
a wide extent because of their power to 
mediate what has been up to now mainly 
moderately simple interactions within an 
online environment, the primary use 
cases involving escrows for fundraising 
in the shape of ICOs and other 
decentralized less utilized ledgers, we 
are now however looking at the promise 
of a further incursion towards the 
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□apps. However, up to this point, every platform has concentrated directly on online 
newly created ecosystems and not on the real world environments due to the extreme 
number of variables within the variety of legacy, noisy, critical corruptible centralized 
systems, it is hard to maintain data integrity and other issues of present information 
channels. 


5. SUMMARY 

5.1 Summary of Naoris Key 
Principles 

Device & O.S. Agnostic Security - Using 
different rules for different business 
verticals based on criticality - best effort 
security is guaranteed by preventing 
threat actors from changing the secure 
states of systems as all devices are now 
part of various distributed networks that 
guarantee their security and integrity 
through protocols such as Modelled 
Consensus Secure Baselining (MCSB). 

Preventative Self-Healing - The need for 
any kind of trust in centralized tools and 
decision makers disappears, relying 
instead on a decentralized consensus 
mechanism which registers and acts on 
information in real time reacting to 
threats and unexpected changes to 
secure states. 

Real-Time Standards & (Service level 
Agreements) SLA Audit - Every SLA and 
compliance reguirement is verified 
instantaneously and collaboration 
between businesses and their third 
parties are upheld to their highest 
standard always. From highly-regulated 
industry, to retailers, government and 
critical national infrastructure. 


The fourth industrial revolution is the 
current and developing environment in 
which disruptive technologies and 
trends such as the Internet of Things 
(loT), robotics, virtual reality (VR) and 
artificial intelligence (Al) are changing 
the way we live and work. 

We currently live in the midst of the 
fourth industrial revolution, and Naoris 
suggests that in order to future proof our 
technology and society, the way our 
institutions, industry, businesses, 
militaries and nation-states approach to 
cybersecurity needs to be radically 
altered by embracing new technigues 
and technologies that can achieve the 
change society needs in terms of 
information security assurance. In 
synthesis Naoris BE aims to instigate 
innovation through disruption in the 
cybersecurity field. 

In order to achieve a high degree of 
information certainty, in other words, 
bring undeniable, independently 
auditable truth maintaining chain of 
custody regarding systems, applications 
and circumstances of events several 
mechanisms are being developed by the 
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Naoris 5E team. 

The Decentralized Identity Validation 
Authority (DIVA) & Smart Proof of 
Existence (SPOE), they join together the 
ability of a blockchain technology to 
leverage techniques both in 
cryptography and cybersecurity to tackle 
real world information, their origin 
systems through uniquely traceable 
artifacts and the capacity to detect, react 
and recover from breaches of truth or 
trust with direct application today within 
a rule based ecosystem. 

DIVA which is designed to replace the 
current out of date public key 
infrastructure (PKI) architecture. PKI is a 
centralized security certificate issuer, 
validator and store. Naoris 5E suggests 


that such an approach to certificate and 
key management based on the 
distributed nature, consensus and rules 
the blockchain, would act as one of the 
strongest links in the security chain. With 
DIVA these certificates are stored 
immutably on the blockchain creating a 
trusted decentralized ledger for access to 
vital systems or services. 

Naoris Hybrid Chain (NHC) is designed 
with future proofing and resilience in 
mind. Concurrent snapshots of the Naoris 
chain will be 'backed up' on other 
blockchains for resilience in case a 
catastrophe would happen that would 
wipe out all full nodes on the main Naoris 
5E blockchain, this approach would allow 
for recuperation and rebuilding of nodes 
and services across the environment. 


6. NAORIS SWARM INTELLIGENCE 


“Swarm intelligence is the collective 
behavior of decentralized, self-organized 
systems, natural or artificial” 10 

It all goes back to nature and biology 
where organisms like ants, bees, birds, 
fish and many others form swarms, 
colonies, flocks, etc... to amplify their 
collective intelligence. 

Across the world in various ecosystems 
we can observe thatthese organisms 
work together as a collective to solve 
problems and make decisions surpass 


and are more efficient than individual 
organisms. The name given to this in 
science is Swarm Intelligence. 

On the other side, we humans don't have 
the natural connections that other 
organisms have to ensure close and fast 
feedback-loops between them. These 
organisms have natural abilities to detect 
anomalies in their environment such as 
high speed vibrations (bees) ortremors 
in the water around them (fish). We 
humans can now utilize modern real¬ 
time and high speed networking 


10 httP5://en.wikipedia.org/wiki/5warm intelligence 



technology to ensure close and fast 

The Naoris SWARM Al provides the 

feedback-loops between us and not only 
locally, we can do it globally too. 

We at Naoris are working with partners 
to develop SWARM Al technology that 
will allow the Al on each device to 

communicate in real-time with each 

other in whatever environment they are 
and wherever they are to assess new 
and existing threats. 

algorithms to enable “device swarms” to 
converge, combine their knowledge and 
insights of diverse groups of swarms into 
a single emergent intelligence, that can 
alert through the Naoris SE C&C interface 
if behaviors are out of the expected 
patterns from a macro perspective, even 
if no specific rules are assigned to 
systems on a specific VCIuster. These 
real-time swarms will significantly 

1 6.1. Swarm Advantages 

amplify intelligence enabling: 

° Millions of Als, one single emergent 
intelligence 

° Efficient and fast threat detection 

° Large quantity of Als is essential 

° Efficient and fast resolution 

° Als interacting with each other locally 

° Prediction of the best routes for 

blockchain nodes transactions when 

° Als follow simple rules 

under threats. This will be only 
implemented once the Naoris blockchain 
reaches “critical mass” to avoid the risk 

° Decentralized approach 

of an attacker compromising 
transactions by trying to modify a 

° Extremely adaptive 

transaction and broadcast it 

° Emergence of intelligent, collective, 
self-organized, global behavior 

° Supporting the Modelled Consensus 
Secure Baselining (MCSB) principle 

° Randomness enables the continuous 
exploration of the alternatives 

This will consist of a group of Als 
interacting with each other locally and 
the environment where they are. They 

° Behavior relies on stochastic choices 
made by the Ais 

will follow very simple rules, and there is 
no centralization that dictates how each 

Al should behave. 

° Application of bio-inspired concepts 11 

Local and random interactions between 
the Als will lead to the emergence of an 

11 httD://www.techferru.com/articles/swarm-intelliaence.html 
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“intelligent collective behavior” which is 
unknown to each Al. 

Advantages 12 

Flexible - Responds to internal 
disturbances and external challenges 

Robust - Tasks are completed even if 
some Als fail 

Scalable - From a few to millions 

Decentralized - There is no central 
control 

Self-organised - The solutions are 
emergent 

Adaptation - The system continuously 
adjusts to stimuli (new or not) 

Speed - Changes are propagated very 
fast 

Modularity - Als act independently 

Parallelism - Als operations are innately 
parallel 


6.2 Use Case Description 

A potential scenario is a CompanyX 
(office space global company) building 
where there are potentially 100 
companies, they all have their own 
networks, they are part of that 
CompanyX building network which is 
part of the CompanyX city network, 
which is part of the CompanyX country 
network and finally is part of the 
CompanyX global company network. 

Each of those 100 companies will have a 
“Device Swarm” Al deployed on every 
device and so will the CompanyX for the 
city, for the country and for the global 
network. 

All the devices Al on a company network 
will work together to assess in real-time 
the threats and behaviors of users and 
make decisions. 

They will be able to communicate 
anonymously with other devices Al on all 
the other 99 companies in that 
CompanyX building and work together to 
assess in real-time the threats and 
behaviors of users and make decisions 
relevant to their own network. 

They will be able to communicate 
anonymously in real-time with other 
devices Al on all CompanyX buildings 
and their customers networks on a city, 
on every city on every country, and 
globally. 


12 http://www.techfgrru.CQm/article5/5warm-intglliaence.html 



A true global distributed super Al for 
cybersecurity in real-time. 

The anonymized data from each device 
will still be uploaded to the cloud where a 
powerful central Al will continuously 


analyze the telemetry data and also 
analyze the communication and 
decisions being performed by the 
devices Al to continue to learn and 
evolve. 


COMPANY 1 COMPANY 99 



COMPANY X CITY NETWORK 



BUILDING NETWORK 


By having this innovative approach we 
will also be able to: 

Fast detection. By collecting and 
analyzing high-volume security alerts in 
real-time we will be able to construct an 
incident detection story across many 
tools. 

Fast response. By eliminating false 
positives and negatives we can prioritize 
the right incidents and continuously 
increase the automation of remediation 
tasks. Al planning will be used to create 
real-time response plans. 

Identify risk in real-time. The Al has 

real-time access to software 
vulnerabilities, configuration issues and 
errors, to isolate and act on high-risk 
situations. 


Ul 


M 



CITYNETWROK 


Reduce the noise associated with DLP 
alerts. More efficient analysis by local 
swarms will enable better detection of 
false positives and negatives. 


Identity and access management. More 
efficient analysis by local swarms will 
enable better detection. These new 
innovative approach ES combined with 
the Naoris blockchain is particularly 
useful for predicting attacks and 
providing response plans. 


Naoris SWARM Al will enable a better 
understanding of cybersecurity 
situational awareness. Security teams 
will want the SWARM Al to give them a 
unified view of security status across the 
network and an automation of response 
plans produced by the Al. 
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7. THE NAORIS CYBERSECURITY DOMAINS 
APPLICATION 


Cybersecurity Domains 

Because of its flexibility, it is a scalable solution for a wide range of cybersecurity 
domains, and can perform extremely diverse functions, thus meeting several 
cybersecurity needs at once. 
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I 7.1 Naoris Advantages 

Naoris approach has numerous advantages over current cybersecurity solutions 
including better cost efficiency, faster fault detection, and a better approach to 
guarantining threats. Its solution targets a market that is ripe for disruption. 


Current Weakness 

Naoris 5E Advantage 

Rising cost & rising risk: Global cybersecurity spending rose 

10% in 2017, yet 70% of organizations say their cybersecurity 
risk increased significantly (Investec, Ponemon). 

Naoris SE's solution is extremely cost-efficient, providing more 
effective cybersecurity monitoring at a fraction of the cost of 
status quo solutions, while its blockchain-backed ecosystem 
enables a level of assurance that has full non-repudiation 
qualities and is inviolable. 

Slow failure detection: It took global firms a median of 101 
days after the first evidence of compromise to detect an 
intrusion (M-Trends). 

Naoris SE's approach instantly recognizes and reports unusual 
behavior, orchestrating a consensually-approved fix action 
without relying on any central point of failure to command 
changes. That allows for fixes before attacks have time to 
spread. 

Flawed approach: Firms often employ cybersecurity 
measures that expose them to other vulnerabilities: for 
example, 84% of firms use remote wipe to protect mobile 
data, raising significant privacy concerns (Wipro) 

Naoris SE simplifies cybersecurity monitoring by reducing 
transmitted data to signature keys of the original information, 
which can then be transmitted safely for comparison to earlier 
signature keys of the same system. The data itself never 
traverses any network, so no breaches can occur. 

Rapid spread of threats: 32% of breaches affected more than 
half of the targeted system (Cisco), and 56% of organizations 
have had a breach that was caused by one of their vendors 
(Ponemon) 

Naoris SE uses pre-defined functions to respond to identified 
potential threats by quarantining faulty systems or restoring 
them to the most recent healthy state before other systems 
are affected. 

Weak and costly cybersecurity and compliance audits: 

Service licensing agreement (SLA), cybersecurity, and 
compliance standard audits are inefficient and opague, 
checking only a small fraction of devices. Enterprise 
cybersecurity certifications offer a beacon of false hope that 
enables further breaches, and are not a thorough, 
indisputable holistic best-practice validation customers seek. 

Yet the global market for enterprise governance, risk and 
compliance is estimated at $22.1 billion, and slated to grow to 
$64.6 billion by 2025 (Grand View, 2016). 

Naoris SE offers near-instantaneous (< 1 second), 
cost-efficient SLA and security audits and subsequent 
Independent recursive validations between: 

- Companies and their third parties, 

- Regulators and the industries they govern, 

• Governments and public agencies, or 

• Certification bodies and clients. 

Naoris SE enables significantly more transparent audits and 
SLA validations, enabling rapid recursive audits that bring 
significant cost savings through automation, as well as 
higher compliance, security and assurance levels. 

Lack of qualified cybersecurity professionals: There are 
currently more than 348,000 open cybersecurity positions 
(CyberSeek). By 2022, there will be 1.8 million unfilled 
positions (Gartner, Center for Cyber Safety and Education). 

Naoris SE's rule-bound, distributed consensus ecosystem 
significantly reduces the number of professionals needed 
versus traditional models. It assures detection of illegal 
operations and uses blockchain validation to orchestrate 
subsequent fixes or mitigation steps, greatly reducing costs. 

Rapid growth in cloud computing, but with no accountability: 

The cloud computing market grew 24% in 2017, and is now 
valued at $180 billion (Synergy Research Group). However, 
each year, hundreds of millions of users have their data 
illegally accessed on such systems. 

Naoris SE's blockchain-based consensus mechanism offers 
independently-verifiable transparency into external 
environments, including advanced persistent threat (APT) 
detection, data loss prevention (DLP), authentication, and 
access control. It also makes it possible to cryptographically 
prove subversive actions by internal or external threat actors 
beyond doubt, and create undeniable consensus on the 
questions of when, what and who. These features are 
necessary to achieve accountability, prove best efforts, and 
avoid issues that affect customer data. Results are then 
propagated to the ledger, where they become widely known 
and independently auditable. 
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8. TOKENOMICS & PLATFORM VALUE 
OVERVIEW 


The value of the Naoris Security 
Ecosystem (Naoris SE) platform comes 
from its novel, instant, and cost-effective 
approach to cybersecurity services. 

Unlike the cybersecurity services offered 
today, which only know they've failed 
when they detect a breach or 
compromise, Naoris SE compares 
periodic state signatures of user systems 
against a whitelist pure state signature 
to instantly flag unusual behavior and 
trigger recovery action. In the case of 
highly critical client systems, it uses 
future-proof, quantum-resistant hashing 
to secure data. This approach has clear 
advantages over cybersecurity services 
currently on the market, including 
reduced response time, more accurate 
monitoring, better cost-effectiveness, 
and greater flexibility. 

Naoris SE benefits from a network of 
decentralized computing power, and its 
tokenomics are designed to align 
incentives throughout its network. Naoris 
SE's initial utility token, NAO, allows 
users to register within the ecosystem, 
and gives them access to and discounts 
on the platform. It also grants users 
access to the network's second token, 
NAOS, which will be airdropped to 
holders of NAO in proportion to their 
holdings. 


market-determined number of NAOS 
each month. This reduces the number of 
tokens in circulation, improving the value 
of each one in active supply. Then, 
validating nodes earn newly-minted 
NAOS as block rewards for the work they 
do on the system, which restarts the 
token cycle. 

8.1. The Naoris Ecosystem 

There are two key roles in the Naoris SE: 
client users who subscribe to the 
platform's cybersecurity services, and 
validating nodes who do work on the 
system. The platform is segmented into 
three tiers by the criticality, or sensitivity 
of the data in guestion. The mechanics of 
the platform work the same in each tier, 
but with additional security precautions 
in the two most critical tiers. 



Rising criticality, rising security 
requirements, rising block rewards 


I 


Users of Naoris SE hold its NAOS token 
in their accounts and pay for the 
network's monitoring services by 
deducting and burning a 
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8.2. Naoris 5E Users 

The Naoris 5E approach is very scalable, 
and capable of serving highly complex 
systems. That makes it a great fit for 
cybersecurity-sensitive clients like 
companies, government agencies and 
militaries, and critical infrastructure 
entities. 

Users of the Naoris 5E platform can 
include companies, networks, and 
individuals. Users are responsible for 
assigning one of three criticality ratings 
to their data, and can do so in as much 
granularity as desired—even at the level 
of individual files. For example, a 
corporate client could keep employees' 
personal data in the highest tier of the 
network, but non-sensitive information in 
a lower tier. 

One key result of Naoris SE's blockchain 
implementation is that clients at all 
security tiers can define scripted 
orchestration rules that will trigger 
actions upon consensus within the 
Naoris 5E command Ej control (CErC) 
management environment. 


8.3. Naoris 5E Validators 

The Naoris 5E blockchain operates three 
tiers of nodes, which have different levels 
of security standards. Security and 
Highest Security nodes process more 
critical data, and will generally receive 
higher rewards for their work. All three 
tiers participate in consensus-based 
validations on the network through a 
chain of zero-knowledge proofs with 
diversified proof points. Additionally, all 
three tiers can accept transactions, 
validate miner solutions and act as 
decentralized computing power. 

Validating operating nodes on the 
network receive block rewards for the 
work they do to secure the network, 
which bootstraps engagement by giving 
them a stake in the platform and an 
interest in keeping it secure. There are 
two main types of block rewards that 
validators can earn: 

° Block rewards for providing proof 
of monitoring. Nodes will receive 
unique codes periodically and 
must report the code back to earn 
the reward. 


° Block rewards for providing other 
cgbersecuritg services. Possible 
examples include anonymization, 
threat reporting, and penetration 
testing. Tokens are rewarded in 
real time and logged through an 
oracle outside of the chain. 
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Example Use Case 
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I Validating nodes can decide what to do with the tokens they 

earn: they can spend them as NAORIS customers (A), sell them 
on the open market (B), or save them to sell or use later (C) 



DATA TRANSFER 

Users send hashed data ta validate nodes for monitoring; 
validators trigger alerts and recovery action if they spot inconsistencies 
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NODES 
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SUBSCRIPTION FEES - 

□ — 

NAOS Tokens are deducted from client 

accounts each month and burned nr- 



_/ 

NEW TOKENS MINED 

Validating nodes receive new NAGS tokens 
as block rewards for their work 


In this fairly typical use case, clients transfer state signatures of their data to validating 
nodes for comparison against whitelist states. NAOS tokens are deducted from their 
accounts as subscription fees for the service. Meanwhile, validating nodes earn new 
NAOS tokens as block rewards for proving that they're providing monitoring services, 
and for reporting inconsistencies back to the user for handling. The validating nodes can 
then decide whether they want to save their tokens, sell them, or spend them on the 
platform via burning (if they're also client). 
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8.4. Pricing 

Prices for the network's services will be 
guantified in NAOS, and set by market 
mechanisms for each of the three tiers. 
Prices will generally be higher for more 
critical systems, since it's necessary to 
monitor them with more stringent 
security standards. However, as the 
world's first blockchain-based 
cybersecurity platform, Naoris expects to 
offer future-proofed quantum-resistant 


monitoring services at far lower costs 
than current solutions. 

On the validator side, token rewards will 
incentivize a continual search for system 
breaches, in addition to regular system 
monitoring. They will also increase for 
monitoring or reporting in higher 
criticality tiers to compensate for the cost 
of meeting higher security standards. 
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8.5 Naoris 5E Tokens 

Naoris 5E will issue two tokens: NAO and 

NAOS. 

Token 1: NAO 

The NAO token is an ERC-20 based token 
that will be sold in Naoris SE's pre-sale 
and TGE on the EOS platform. It is a 
utility token based on ERC-20 that 
serves to register clients, give them 
access to the platform, and obtain 
discounts on the platform. NAO also 
delivers the value of NAOS, because 
holders of NAO will be air dropped a 
proportional number of NAOS tokens 
upon the latter's release. 



NAORIS PLATFORM 


NAO Distribution 


Think Tank 

10% 



Naoris SE plans to issue a total supply of 
400 million NAO tokens, distributed as 
follows: 

° 300 million sold during the pre-TGE & 
TGE 

° 100 million held for Naoris SE 
development 

• 20 million for Naoris SE team El- 
advisors 

• 40 million will support a new Naoris 
cybersecurity thinktank Er programs 


20 million reserved for community 
airdrops and bounties 

20 million will remain locked until 
May 1, 2019 for use atthe board's 
discretion (e.g. to respond to market 
pressures or fund further 
development) 
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Token 2: NAOS 

NAOS is the core of the Naoris 5E. It is a 
utility token that is exclusive medium of 
payment for platform services. 

All holders of NAO will receive a 
proportional quantity of NAOS when the 
latter is released with the platform. Users 
willalsobeabletobuy NAOS on the 
open market in order to store tokens in 
their account to pay for the network's 
services. 

When NAOS tokens are deducted from a 
user's account to pay for services, those 
tokens are burned (by being sent to a 
perpetually-locked wallet), reducing the 
total token supply and creating an 
inflationary incentive for the master 
nodes earning tokens for their work. 

This structure also ensures that there is 
always demand for the token: users will 
continue to buy new tokens to replace 
the ones that are burned each month as 
service fees, creating a living, reactive 
cycle within the network. It also creates 
an economy for the work done by 
network nodes, who are paid in newly- 
minted NAOS tokens. 

I 8.6. Value Proposition 

There are several benefits to using a 
token for the Naoris SE platform, rather 
than fiat currency. First, the platform's 
utility is native to the digital world, and 
thus well-suited for digital exchange. 
Second, the token's blockchain protocol 
allows proof of ownership and enhanced 
security, and makes it possible to embed 
additional logic like functions that react 
to a reported breach. 


One key benefit of burning users' tokens 
as subscription fees each month is that it 
balances out the new tokens awarded to 
validators, and restrains growth in the 
total token supply. As a result, the value 
of the network is spread over a smaller 
active token supply, which—all else 
equal—makes each individual token 
more valuable. 

On the other side of the exchange, 
validators derive value from NAOS in two 
ways. They earn new NAOS as block 
rewards for the monitoring and reporting 
services they provide: in effect, NAOS is 
the “salary” they receive for their work on 
the platform. Validators can then choose 
to subscribe as users and use their 
tokens to pay for platform services; they 
can also opt to sell their tokens on the 
open market, or to hold them. 

Validators who hold their tokens also 
gain through “equity” value appreciation 
in the network. The tokens they hold 
represent a stake in the network where 
their services create value, and that stake 
grows as network effects amplify the 
value of the entire platform. This is akin 
to holding shares in the stock of a 
company that also pays you a salary, 
and also working to drive its value 
appreciation as an engaged participant. 
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8.7. Technology 

NAOS will leverage the EOS platform for 
faster transaction times, and to avoid the 
need for censorship resistance as in ERC- 
20 . 

The Naoris SE platform uses verge 
clustering to improve its processing 
efficiency, while preventing bias and 
targeted attacks by introducing cross 
validators from other clusters to verify 
Merkle hash trees. Validating nodes are 
selected at random to include a majority 
of nodes from outside the user's own 
cluster, in order to mitigate risks of self¬ 
mining and selfish attacks. 

This approach is highly scalable, and 
capable of serving highly complex 
systems. That makes Naoris SE a great 
fit for cybersecurity-sensitive clients like 
companies, government agencies and 
militaries, and critical infrastructure 
entities. 

Naoris SE uses proof of stake (POS) and 
delegated proof of stake (DPOS) to 
validate block rewards, which reduces 
the need to burn large quantities of 
electricity as in proof of work (POW) 
mining. Unlike major POW tokens like 
Bitcoin, Naoris SE has no need for 
censorship resistance, which makes POS 
(and DPOS) an attractive option. Naoris 
SE's POS and DPOS mechanisms also 
benefit network security, since 
participating validator nodes have a 
vested interest in maintaining the 
integrity of the system. 


Naoris SE's novel approach maximizes 
platform efficiency while reducing its 
vulnerabilities. Client data is hashed at 
least once before transmission, with 
more critical data hashed a second time 
under quantum-resistant hashing. Those 
signatures are then compared against 
prior healthy signatures from the same 
system. 

Naoris SE will also make regular backups 
to another blockchain like Ethereum in 
case of catastrophic failure of the 
internet. 

Because of its flexibility, the Naoris SE 
covers an expansive range of 
cybersecurity domains. As a result, it's a 
scalable solution for a wide range of 
cybersecurity domains, and can perform 
extremely diverse functions, thus 
meeting several cybersecurity needs at 
once. 
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9. USE OF FUNDS 


Naoris is undertaking a TGE to facilitate 
the further development of ifs global 
platform, capable of supporting tens of 
billions of devices and to deliver the 
concept to businesses and retail 
customers alike. 

70% Research and Development - 
Resources and Infrastructure 
20% Marketing and Business 
Development 

10% Other - Offices, Events, Legal 


I 10. ROADMAP 


Funds Allocation 



Q2 2019 - Q3 2019 

testing, deployment and improvement 
of the platform under more variable 
conditions while targeting more 
cyber domains 


Q2 2018 - Q3 2018 

private & public token 
generation event 


Q4 2019 - Q1 2020 

deployment of NAORIS S.P.O.E. & 
other distributed solutions, NAORIS 
proof of value with critical 
infrastructure partner 


Q4 2018 - Q1 2019 

listing of NAO token on top 
exchanges 


Q3 2017 - Q4 2017 

prototyping of the NAORIS 
architecture 


Q1 2018 - Q2 2018 

token creation and 
audits 


Q1 2017 - Q2 2017 

gathering of insight and 
feedbackfrom cyberthought 
leaders and influencers 
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Q4 2015 - Q4 2016 

market research and 
technical feasibility study 


11. TEAM & ADVISORS 


Our core team and advisors have a combined 200 years of experience in cybersecurity 
risk management, cryptography, enterprise security architecture, military, ethical 
hacking, security auditing, big data science, critical infrastructure management, project 
management and senior IT strategy. We are backed by leading world-class cyber 
security advisors from the banking industry, critical infrastructure, telecommunications 
military intelligence and others. 



DAVID CARVALHO 

Founder & CEO 



MONICA ORAVCOVA 

COO & Co-Founder 



FERNANDO MARTINHO 

CTO & Co-Founder 


Experienced Chief Information 
Security Officer in multi-national, 
multi-billion dollar companies. He is 
heavily involved in global blockchain 
projects. David is a well-known 
cybersecurity thought leader and 
speaker. 


Monica is an innovative, dynamic and 
accomplished leader with experience 
in IT, privacy, compliance and other 
cybersecurity domains in the 
telecom, finance and manufacturing 
industries. 


Fernando is a senior Information 
Technology Director with 18 years of 
professional IT experience and track 
record of success delivering profit- 
driven technology solutions. 



KJELL GRANDHAGEN 

Former director of the Norwegian 
Intelligence Service for six years, 
finishing a 43 year military career 
that led him to the rank of Lieutenant 
General. He also was the Chairman of 
NATOs Intelligence Committee in 
2D15-16. After his retirement in 2D16 
he works as an advisor to Norwegian 
businesses on geopolitical and cyber 
related issues. 



H.E. KHURRAM SHROFF 

CSO and Team Mentor 

His Excellency Khurram Shroff is being 
awarded a banking and finance excellence 
award, TopIDO Most Powerful and 
Influential Muslims in Great Britain and the 
World by PowerlOO. He was also honored 
and appointed as the Civilian Sponsor for 
The Saudi Arabian Armed Forces, The 
United Arab Emirates (UAE) Armed Forces, 
Pakistan Armed Forces and Director in 
United Nations Association of Canada. 
Director of London Coin Exchange which 
aims to be a fully regulated exchange by 
the FCA. Chairman of International 
Blockchain Capital Group. 



NIC JAMES JENNINGS 

CMO 

Nic is a strategic, charismatic 
communications, marketing and 
events specialist with over ten years 
of diverse experience gained in TV 
news, events, project management 
and consultancy. 
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FLAVIO FONSECA 

Head of Engineering 



MIGUEL CARVALHO 

Digital Marketing Manager 



JOAO FERREIRA SANTOS 

Legal specialist 


Flavio is a true technologist, 
blockchain developer and team lead 
with a long track record of creating 
amazing content for Large Critical 
Infrastructure Businesses. 


Miguel is a goung, passionate 
marketer with studies in Marketing 
and Services Management from Bl 
Norwegian Business School and 
U.PORTO, having helped several 
businesses succeed globally. 


Joao is an experienced Regulatory / 
AML / KYC / IP Advisor. He has 
previously worked at BPI Bank, BNP 
Paribas and various startups as 
managing director in South East Asia. 



JOAN MONINA TOLENTINO 

Social Media Director 

Joan is an accomplished marketing professional with broad business to business experience, 
encompassing strategic planning, public relations, sales promotion and visual merchandising, 
with the ability and skill set to provide creative, innovative, enthusiastic and forward-thinking 
leadership in a team environment. 


Advisors 




AMAR SINGH 

Global Cyber Security & Privacy 
Thought Leader, CISO, Interim 
Executive, Writer and successful 
business owner. Amar is a Chair of 
ISACA UK Security Advisory Group. 


MARK BRINCAT 

CTO - The Economist 

Mark is leading the technology and 
execution for the Economist Business 
iterating the digital product 
ecosystem and introducing new 
platforms to the Economist. 



IGGY BASSI 

Founder & CEO of Cervest 

Iggy is a passionate advocate for 
innovative ventures and ideas that 
address global sustainability 
concerns. He is helping organizations 
reduce risks in agri-markets. 



JANE FRANKLAND 


□ SO Advisor, speaker, international 
author in cybersecurity & champion 
for women in cybersecurity - IF5EC 
Global third most influential person in 
2017 in cyber. 
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MAGDA CHELLY, PH.D, CISSP® 

CMO 

Entrepreneur ©Responsible Cyber, 
experienced Chief Information 
Security Officer, CyberFeminist and 
Cybrary Accomplice! Peerlyst 
Conspirator. Magda belongs to TOP 
50 Cyber Influencers in the world. 
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NAUSHAD REDHAT, MSC, 
CEH, CHFI, MTA 

IT Security Specialist at Photobox 
Group - DV Security Cleared Person, 
RedTeam Leader, conducting a PhD 
in the field of cybersecurity. 



ALAIN SADEGHI 

Alain holds a PhD in Cybersecurity. 
He is an experienced CISQ, Advisor to 
multiple governments and owner of 
cybersecurity consulting services. 



BAL RAI 

Director & Co Founder at 
Cyber Management Alliance 

Bal is a successful entrepreneur with 
Senior IT business development skills 
with over 15 years of experience in 
technical project management, 
training and business growth. 



RICHARD BAYLIE 

CIO at OCS Group, the leading 
international facilities management 
company. Richard brings 28 years' of 
expertise across IT support services, 
retail, FMCG, online & manufacturing. 



KAMILA RUBANINSKA, PHD 

AT&T Director of Operations 

Kamila is a highly energetic leader, 
currently transforming the EMEA 
Service Assurance organisation 
consisting of 250+ technicians. 



ANTONIO CARVALHO 

Antonio Carvalho is Vice President, 
Insight & Analytics, at Liberty Global, 
the largest cable company globally. 


12. CONCLUSION 


Naoris is set to completely revolutionize 
the soon to be $1 trillion dollar 
cybersecurity space through the 
application of blockchain technology. 

Using the benefits of blockchain, Naoris 
fundamentally alters the traditional 
cybersecurity practice which results 
inadvertently in the creation of potential 
failure points. 


healthy, it is agnostic to the type of 
information contained in the 
signature—and even to the reason for 
monitoring the underlying data. As a 
result, the Naoris 5E approach offers 
solutions spanning a wide variety of 
cybersecurity domains, and enables 
instant detection of any type of unusual 
behavior. 

Naoris is also the first company to make 
use of Al and data science to completely 
automate the threat-detection process 
and to carry out self-healing functions. 


Because Naoris SE’s blockchain-based 
approach compares new signatures 
against prior versions known to be 
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Naoris democratizes security by making 
it a collaborative, distributed and trust- 
free automated process devoid of 
vulnerable individual silos. 

Naoris suggests a democratic, consensus 
based approach to security, creating an 
avenue for risk-mitigated information 
sharing, decentralization, and ultimately 
industry-wide standardization. 

NAO tokens will help businesses and 
individuals to carry out transactions with 
the utmost data security, as it is devoid 


of any identifying personal information 
whatsoever. 

NAOS tokens offer three primary 
components of value. First, it is the only 
way for users to access the platform and 
its services, and the main direct way of 
paying validators for their work. Token 
ecosystem ensures that there is always 
demand for the token: users will continue 
to buy new tokens to replace the ones 
that are burned each month as service 
fees, creating a living, reactive cycle 
within the network. 


13. DISCLAIMER 

Without permission, anyone may use, reproduce or distribute any material in this white paperfor non¬ 
commercial and educational use (i.e, other than for a fee or for commercial purposes) provided fhat fhe 
original source and fhe applicable copyright notice are cited. 

This whitepaper is for informafion purposes only. Naoris does not guarantee the accuracy of or fhe 
conclusions reached in this white paper, and this white paper is provided "as is". Naoris does not make 
and expressly disclaims all representations and warranties, express, implied, statutory or otherwise, 
whatsoever, including, but not limited to: (i) warranties of merchantabilify, fitness for a particular purpose, 
suitability, usage, title or non infringement; (ii) that the contents of this white paper are free from error; 
and (iii) that such contents will not infringe third-party rights. 

All statements regarding the Naoris's business strategies, plans and prospects and the future prospects 
of the industry which the Token Vendor and/or its affiliates are in are forward-looking statements. These 
forward-looking statements involve known and unknown risks, uncertainties and other factors that may 
cause the actual future results, performance or achievements of Naoris. 

Naoris and its affiliates shall have no liability for damages of any kind arising out of the use, reference to, 
or reliance on this white paper orany of the content contained herein, even if advised of the possibility of 
such damages. In no event will Naoris or its affiliates be liable to any person or entity for any damages, 
losses, liabilities, costs or expenses of any kind, whether direct or indirect, conseguential, compensatory, 
incidental, actual, exemplary, punitive or special for the use of, reference to, or reliance on this white paper 
orany of the content contained herein, including, without limitation, any loss of business, revenues, 
profits, data, use, goodwill or other intangible losses. 

Further, the Tokens are not intended to constitute securities of any form, units in a business trust, units in 
a collective investment scheme orany other form of investment in any jurisdiction. This Whitepaper does 
not constitute a prospectus or offer document of any sort and is not intended to constitute an offer of 
securities of any form, units in a business trust, units in a collective investment scheme orany other form 
of investment, or a solicitation for any form of investment in any jurisdiction. This Whitepaper does not 
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constitute or form part of any opinion or any advice fo acquire, sell, or any solicitation of any offer by 
Naoris to acquire any Tokens nor shall it or any part of it nor the fact of its presentation form the basis of, 
or be relied upon in connection with, any contract or investment decision. The proceeds from the sale of 
the Tokens will be deployed to support the research and development and growth of the Naoris Security 
Ecosystem, cyber security equipment expenses, marketing, general operations and administrative 
purposes, sales and marketing activities, and accounting, legal and compliance expenses. No person is 
bound to enter into any contract or binding legal commitment in relation to the acquisition of Tokens and 
no crypfocurrency or of her form of payment is to be accepted on the basis of this Whitepaper. 


PLEASE NOTE THAT YOU ARE NOT ELIGIBLE AND YOU ARE NOTTO PURCHASE ANYTOKENS IN THE 
TOKEN SALE IF: (A) YOU ARE LOCATED IN THE PEOPLE'S REPUBLIC OF CHINA OR IF YOU ARE A CITIZEN 
OR RESIDENT (TAX OR OTHERWISE) OF, OR DOMICILED IN, THE PEOPLE'S REPUBLIC OF CHINA; (B) YOU 
ARE LOCATED IN THE UNITED STATES OF AMERICA OR IF YOU ARE A CITIZEN, RESIDENT (TAX OR 
OTHERWISE) OR GREEN CARD HOLDER OF, OR DOMICILED IN, THE UNITED STATES OF AMERICA 
UNLESS YOU ARE A U.S. QUALIFIED PERSON; OR (C) SUCH TOKEN SALE IS PROHIBITED, RESTRICTED 
OR UNAUTHORIZED IN ANY FORM OR MANNER WHETHER IN FULL OR IN PART UNDER THE LAWS, 
REGULATORY REQUIREMENTS OR RULES IN ANY JURISDICTION APPLICABLE TO YOU, AT THE TIME OF 
YOUR INTENDED PURCHASEOR PURCHASE OF THE TOKENS INTHETOKEN SALE. 


No regulatory authority has examined or approved of any of the information set out in this Whitepaper. 
No such action has been or will be taken under the laws, regulatory requirements or rules of any 
jurisdiction. 

NO ADVICE - No information in this Whitepaper should be considered to be business, legal, financial orfax 
advice regarding Naoris and/orfheiraffiliates, theTokens, theToken Sale, orthe Naoris Security 
Ecosystem. You should consult your own legal, financial, fax or ofher professional adviser regarding fhe 
Token Vendor, and/or their affiliates and their respective businesses and operations, the Tokens, the 
Token Sale, and the Naoris Security Ecosystem. You should be aware that you may be required to bear 
the financial risk of any purchase of Tokens for an indefinite period of time. 

RISKS AND UNCERTAINTIES - Prospective purchasers of the Tokens should carefully consider and 
evaluate all risks and uncertainties associated with Naoris and their affiliates and their respective 
businesses and operations, the Tokens, the Token Sale, and the Naoris Security Ecosystem, all 
information set out in this Whitepaper and the Token Sale Terms prior to any purchase of the Tokens. 

NO OFFER OF INVESTMENT OR REGISTRATION - This Whitepaper does not constitute a prospectus or 
offer document of any sort and is not intended to constitute an offer of securities of any form, units in a 
business trust, units in a collective investment scheme or any other form of investment, or a solicitation 
for any form of investment in any jurisdiction. No person is bound to enter into any contract or binding 
legal commitment and no cryptocurrency or other form of payment is to be accepted on the basis of this 
Whitepaper. 
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